Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
DETAILED ACTION


Claims 1-47 are pending. 


Claim Objections 


2. Claim 33 is objected to under 37 CFR 1.75 as being a substantial duplicate of
claim 23. When two claims in an application are duplicates or else are so close in 
content that they both cover the same thing, despite a slight difference in wording, it is 
proper after allowing one claim to object to the other as being a substantial duplicate of 
the allowed claim. See MPEP § 706.03(k). 


Claim Rejections - 35 USC § 102


3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless -


(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language.


4. Claims 1, 3, 5-9, 11-22, 24, 26-29, 31-32, 34 and 37-47 are rejected under 35
U.S.C. 102(e) as being anticipated by Wesinger, Jr. et al., US 6,052,788.

a) As to claim 1, Wesinger discloses a computer network security system
comprising: a plurality of network bubbles (col. 6, lines 41-44), each network bubble 
having a plurality of bubble partitions (Fig. 1, elements 109, 103), each bubble partition 
having at least one network device (Fig. 1, element C) configured to transmit and receive
data, and all of the network devices corresponding to at least one of the plurality of 
network bubbles have the same network security policy and a plurality of network 
control points, each network control point including one or more network control point 
devices (Figure 1, elements 105, 107, 155, 157) having at least one interface (col. 4, 
lines 35-36), wherein each of the plurality of bubble partitions is connected to at least 
one network control point to form a bubble boundary, the network control point is used 
to provide a connection between any two network devices, and wherein at least one of 
the network control point devices is configured to enforce the network security policy of 
the network bubble that is connected to the network control point device (col. 6, lines 
48-51). 

b) As to claims 3, 24 and 38, Wesinger discloses the secure network 
wherein each of the plurality of bubble partitions that belong to the same bubble has the 
same network security policy applied at each of the plurality of network control points 
that are connected to the plurality of bubble partitions (Fig. 2, elements 202, 203). 

c) As to claims 5, 27 and 42, Wesinger discloses DNS is used to translate 
hostnames to IP addresses and IP addresses to hostnames (col. 7, lines 46-53). It is 
inherently understood that each of the plurality of bubble partitions is defined by an
address range. 

d) As to claims 6, 28 and 43, Wesinger discloses the secure network 
wherein each of the network devices in each of the plurality of bubble partitions has an 
address contained within the address range (col. 12, lines 52-54). 

e) As to claims 7, 29 and 44, Wesinger discloses the secure network 
wherein each address exists in only one of the plurality of bubble partitions (col. 12, 
lines 54-56). 

f) As to claims 8 and 21, Wesinger discloses the secure network wherein
each of the plurality of network control points ensures source address integrity at each 
bubble boundary (col. 1, lines 61-67 to col. 2, lines 1-3). 

g) As to claims 9, 26 and 47, Wesinger discloses the secure network 
wherein each of the plurality of bubble partitions is connected to at least two network 
control point devices to achieve high availability in the case of a failed interface or 
network control point device (col. 12, lines 19-29). 

h) As to claims 11, 31, 39 and 45, Wesinger discloses the secure network
wherein the plurality of network control points are coupled to one another and form a 
virtual backbone that is external to all of the plurality of network bubbles (Fig. 1,
elements 107, 157). 

i) As to claims 12, 32, 40 and 46, Wesinger discloses the secure network 
wherein each of the plurality of network control points ensure source address integrity 
across the virtual backbone (col. 1, lines 51-67 to col. 2, lines 1-13). 

j) As to claims 13, 22 and 41, Wesinger discloses the secure network 
wherein each network device connects to only one network control point (Fig.1, element 
C). 

k) As to claim 14, Wesinger discloses the secure network wherein the total 
number of network control points is greater than the number of network control points 
connected to any one particular bubble partitions (Fig. 1).

l) As to claims 15, 18 and 37, Wesinger discloses the secure network
wherein all data transmitted from one network device to another network device 
traverses only one network control point (col. 3, lines 19-21). 

m) As to claims 16 and 19, Wesinger discloses the secure network wherein 
all data transmitted from one network device to another network device traverses only 
two network control points (col. 3, lines 21-22).

n) As to claim 17, Wesinger discloses a secure network comprising a first
and a second network bubble (Fig. 1, elements 101 and 151), each network bubble 
having a distinct network security policy and a plurality of bubble partitions, each bubble 
partition having a plurality of network devices (Fig. 1, element C) configured to transmit 
and receive data and a plurality of network control points, each network control point 
having one or more network control point devices (Fig. 1, elements 105, 107, 155, 157),
each network control point device having at least one interface, wherein each bubble 
partition is connected to at least one and no more than two network control points to 
provide a connection between a network device in the first network bubble and a 
network device in the second network bubble, and wherein each one of the network 
control point devices is configured to enforce the network security of at least one of the 
network bubbles (col. 11, lines 32-50). 

o) As to claim 20, Wesinger discloses the secure network wherein all data 
transmitted from one network device in the first network bubble to another network 
device in the second network bubble traverses more than two network control points 
(col. 7, lines 37-40). 

p) As to claim 34, Wesinger discloses a computer network security system 
comprising: a plurality of network bubbles, each network bubble having a plurality of 
bubble partitions, each bubble partition having at least one network device (Fig.1, 
element C) configured to transmit and receive data, and all of the network devices 
corresponding to at least one of the plurality of network bubbles have the same network
security policy and a plurality of network control points, each network control point 
including one or more network control point devices (Figure 1, elements 105, 107, 155, 
157) having at least one interface (col. 4, lines 35-36), wherein each bubble partition is 
connected to only one network control point (Fig. 1, elements 109, 159), which is used 
to provide a connection between any two network devices of different bubbles, and 
wherein each one of the network control point devices is configured to enforce the 
network security policy of the network bubble that the network control point device is 
connected to and wherein when data is transmitted from one network device to another 
network device, two network control points are traversed (Fig.1, elements 109, 107, 
157, 159). 


Claim Rejections - 35 USC § 103 


5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 2, 4, 10, 23, 25, 30, 33 and 35-36 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Wesinger, Jr. et al., US 6,052,788 in view of Williams, US
6,304,973.

a) As to claims 2, 23, 33 and 35, Wesinger fails to disclose a secure
network further comprising a plurality of inter-bubble devices. 

Williams discloses a multi-level security network system further comprising a 
plurality of inter-bubble devices, each inter-bubble devices is configured to connect at 
least two of the plurality of network bubbles to one another and to enforce the network 
security policy of each of the plurality of network bubbles that the inter-bubble device is 
connected to (col. 26, lines 27-40). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of inter-bubble devices, as Williams teaches, in the system 
of Wesinger so as to reduce network latency. 

b) As to claims 4, 10, 25, 30 and 36, Wesinger fails to disclose network 
devices in different bubble partitions of the same network bubble has unrestricted 
network connectivity. 

Williams discloses each of the plurality of bubble partitions has unrestricted 
network connectivity to all other bubble partitions within the same bubble (col. 13, lines 
16-18). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of unrestricted network connectivity to all bubble partitions 
within the same bubble, as Williams teaches, in the system of Wesinger to increase 
throughput.


Conclusion


7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure 

a) US 5,968,176 to Nessett et al., discloses multi-layer firewall system. 

b) US 6,212,558 to Antur et al., discloses method and apparatus for 
configuring and managing firewalls and security devices. 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dieu Nguyen whose telephone number is 703-305-9727.
The examiner can normally be reached on M-F 6:00-2:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Greg Morse can be reached on 703-308-4789. The fax phone number for 
the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305-3900.